The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Mar 25, 2026 10:29pm

@cursor review

PR Summary

Medium Risk
Adds a new public-facing form + API endpoint that sends email (with rate limiting) and changes email header handling to prevent injection; errors here could impact lead capture or outbound email delivery. Remaining changes are mostly SEO/docs metadata and UI polish, lower risk.

Overview
Adds a new “Request/Book a demo” flow: a DemoRequestModal with zod validation is wired into the landing Hero, Pricing, and Enterprise CTA, and a new POST /api/demo-requests endpoint validates input, rate-limits by IP, and sends a transactional email to enterprise@….

Hardens outbound email handling by adding email-header control character detection and subject sanitization in mailer.ts, reusing the same constraints in help/integration-request APIs; accompanying tests are updated/expanded.

Improves integrations SEO and rendering by switching metadata/canonicals to getBaseUrl(), adding integrations to sitemap.ts, using next/image in dropdowns/integration pages, and ensuring related-integrations CTA renders consistently.

Updates docs/data generation: expands HubSpot tool docs (deals/tickets/line items/quotes/appointments/carts/owners/marketing events/lists + pagination fields), tweaks Rippling paging wording, enriches many integration operation descriptions in integrations.json, improves generate-docs.ts tool-id mapping via switch/case parsing, and fixes Upstash tool-id selection mapping.

^{Written by Cursor Bugbot for commit 769a804. Configure here.}

Greptile Summary

This PR replaces external Typeform links with a native DemoRequestModal component across the hero and pricing sections of the landing page, and introduces a new /api/demo-requests endpoint that sends an internal email notification to enterprise@sim.ai.

• New DemoRequestModal — A fully controlled, client-rendered form with inline Zod validation (field-level errors, control-character guards on name fields, email format validation) and distinct success/error states. The modal is wired to both the hero page and the Enterprise pricing card.
• New /api/demo-requests route — Rate-limited per IP (10 tokens, 5 refill/min), server-side Zod validation with demoRequestSchema, and sendEmail with the validated payload sent to the enterprise inbox.
• Email header injection hardening — Addresses prior review feedback by adding NO_EMAIL_HEADER_CONTROL_CHARS_REGEX to firstName/lastName schema constraints and adding a prepareEmailHeaders function in mailer.ts that validates recipients/sender/reply-to for control characters and sanitizes subjects.
• Accessibility and SEO improvements — Adds a skip-to-main-content link, removes userScalable: false from the global viewport, replaces decorative <h1> tags inside preview components with <p>, and adds integration pages to the sitemap.
• blog-dropdown and docs-dropdown — Migrated from plain <img> to next/image with fill and explicit sizes props for better LCP optimization.

Confidence Score: 5/5

• Safe to merge — all prior security concerns have been addressed and no new critical issues were found.
• The PR is well-structured: the email header injection concern from prior review is fully resolved (both at the schema level and in prepareEmailHeaders), the useMemo nit and the resetForm/submitSuccess ordering concern are gone, client- and server-side validation are consistent, rate limiting is in place, and the new EMCN FormField component follows existing patterns. The only remaining comments are minor style suggestions (unused dep in useCallback, redundant role='presentation', and a silent default in the Upstash switch) that do not affect correctness or security.
• No files require special attention.

Important Files Changed

Sequence Diagram

sequenceDiagram
    participant User
    participant DemoRequestModal
    participant API as /api/demo-requests
    participant Mailer as mailer.ts
    participant Email as Email Provider

    User->>DemoRequestModal: Click "Get a demo" / "Book a demo"
    DemoRequestModal->>DemoRequestModal: Client-side Zod validation (demoRequestSchema)
    alt Validation fails
        DemoRequestModal-->>User: Show inline field errors
    else Validation passes
        DemoRequestModal->>API: POST /api/demo-requests (JSON body)
        API->>API: IP rate-limit check (10 tokens/min)
        alt Rate limit exceeded
            API-->>DemoRequestModal: 429 Too Many Requests
            DemoRequestModal-->>User: Show error message
        else Within limit
            API->>API: Server-side Zod validation + control-char check
            API->>Mailer: sendEmail({ to: enterprise@sim.ai, replyTo: companyEmail })
            Mailer->>Mailer: prepareEmailHeaders() — validate recipients, sanitize subject
            Mailer->>Email: Send transactional email
            Email-->>Mailer: Success / Failure
            Mailer-->>API: { success: true }
            API-->>DemoRequestModal: 201 { success: true }
            DemoRequestModal-->>User: Show success screen
        end
    end

_{Reviews (3): Last reviewed commit: "fix(upstash): throw on unknown operation..." | Re-trigger Greptile}

@greptile review

@cursor review

@greptile